"Dear [user]
I saw something like this at [link to an LJ -- actually link offsite to a webpage that downloads trojans]."
If an unfamiliar user gives a comment like that, hover your mouse over the link to see where it's really headed, and if it's not LJ, use the "Delete this comment as spam" feature to get the journal (and hopefully the whole nest) kicked so far off LJ we can't even hear the bounce.
Thanks to
ataniell93 for the heads-up. 